package com.simons.module.safe.filter.xss;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;

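/**
 * Legacy blacklist-style input sanitizer used by the XSS filter.
 *
 * <p>Both methods HTML-encode a small set of characters and strip a few
 * substrings from the input. This is input "defanging", not context-aware
 * output encoding: it is not a complete XSS defence on its own (the patterns
 * are case-sensitive and know nothing about where the value is rendered --
 * HTML body, attribute, JavaScript or URL -- so an encoder at the rendering
 * site is still required), and the substring removal also alters legitimate
 * text (for example "description" loses its "script"). The existing output is
 * preserved for current callers; treat the class as a compatibility layer
 * rather than a security boundary.
 */
public class XssEscape {

    /**
     * Runs {@link #cleanXSS(String)} and then doubles any remaining single
     * quote, which is exactly what the deprecated commons-lang
     * {@code StringEscapeUtils.escapeSql} used to do here.
     *
     * @param value raw input; may be {@code null} or blank
     * @return the sanitized value, or {@code value} unchanged when it is
     *         {@code null}, empty or whitespace-only
     */
    public static String Escape(String value) {
        if (!hasText(value)) {
            return value;
        }
        String cleaned = cleanXSS(value);
        // Replacement for StringEscapeUtils.escapeSql (commons-lang 2, deprecated and
        // removed in lang3): it only doubled single quotes. cleanXSS has already
        // rewritten every "'" as "&#39;", so this is effectively a no-op kept for
        // call-site compatibility. SQL statements must be protected with
        // PreparedStatement parameters, not by escaping input here.
        return cleaned.replace("'", "''");
    }

    /**
     * Encodes angle brackets, parentheses and single quotes (including their
     * %-encoded forms) and removes {@code eval(...)}, quoted
     * {@code javascript:} values and the substring {@code script}.
     *
     * <p>The pattern-based removals run before the character encoding: they
     * need the literal {@code (}, {@code )}, {@code '} and {@code "}
     * characters that the encoding step rewrites. In the previous ordering the
     * encoding ran first, so the {@code eval(...)} pattern and the
     * single-quoted {@code javascript:} pattern could never match.
     *
     * @param value raw input; may be {@code null} or blank
     * @return the encoded value, or {@code value} unchanged when it is
     *         {@code null}, empty or whitespace-only
     */
    public static String cleanXSS(String value) {
        if (!hasText(value)) {
            return value;
        }
        // Regex removals first (see class/method Javadoc for why the order matters).
        // Both are greedy and line-bounded, matching the original patterns.
        String out = value.replaceAll("eval\\((.*)\\)", "");
        out = out.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        // Fixed-token encoding: String.replace is a plain substring replace, so no
        // regex escaping is needed for "(" and ")".
        out = out.replace("<", "&lt;").replace(">", "&gt;");
        out = out.replace("%3C", "&lt;").replace("%3E", "&gt;");
        out = out.replace("(", "&#40;").replace(")", "&#41;");
        out = out.replace("%28", "&#40;").replace("%29", "&#41;");
        out = out.replace("'", "&#39;");
        // Kept last so it cannot pre-empt the javascript: pattern above. This is
        // case-sensitive and substring-based, so it also edits ordinary words that
        // happen to contain "script".
        return out.replace("script", "");
    }

    /**
     * Stdlib equivalent of commons-lang3 {@code StringUtils.isNotBlank}: true when
     * the string is non-null and contains at least one non-whitespace character
     * (per {@link Character#isWhitespace(char)}).
     */
    private static boolean hasText(String s) {
        if (s == null) {
            return false;
        }
        for (int i = 0; i < s.length(); i++) {
            if (!Character.isWhitespace(s.charAt(i))) {
                return true;
            }
        }
        return false;
    }
}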
